新华三攻防实验室
2021/11/10
1. 漏洞综述
1.1 漏洞背景
2021年10月13日,新华三攻防实验室威胁预警团队监测发现Microsoft官方发布了11月安全更新,此次安全更新共发布了55个漏洞的补丁,主要覆盖了以下组件:Azure Sphere、Microsoft Office Access、Microsoft Exchange Server、Microsoft Dynamics、3D Viewer等。在此次更新的补丁中,其中有6个被微软标记为严重漏洞,49个为高危漏洞。
对此,新华三攻防实验室建议广大用户及时做好资产自查以及预防工作,以免遭受黑客攻击。
1.2 重点漏洞
CVE-2021-42292 Microsoft Excel 安全功能绕过漏洞
该漏洞是由于Excel文件的输入未能被正确验证造成,恶意攻击者可以利用特制的Excel文件,诱使受害者打开后触发漏洞,最终在目标系统上执行任意代码。
CVE-2021-42321 Microsoft Exchange Server 远程执行代码漏洞
该漏洞是由于Microsoft Exchange Server 对于cmdlet参数的验证不足,恶意攻击者可以无需用户交互的情况下,远程运行特制的cmdlet并执行任意命令。该漏洞在天府杯中疑似被利用。
CVE-2021-42316 Microsoft Dynamics 365(本地)远程执行代码漏洞
该漏洞是由于Microsoft Dynamics 365(本地)的输入验证不正确,经过身份验证的恶意攻击者通过发送特制的恶意请求数据,能够在目标系统上执行任意代。
CVE-2021-38666 远程桌面客户端远程执行代码漏洞
该漏洞是由于mstscax.dll中存在基于缓冲堆的缓冲区溢出问题,恶意攻击者在诱骗受害者RDP客户端连接到恶意服务器后,通过RDP智能卡虚拟扩展功能出发该漏洞。
CVE-2021-41356 Windows 加密拒绝服务漏洞
该漏洞是由于Windows对用户提供的输入的不足,恶意攻击者可以远程将特制的输入传递给应用从而导致拒绝服务。
CVE编号 | 受影响产品 |
CVE-2021-42292 | Microsoft Office LTSC 2021 for 32-bit editions | Microsoft Office LTSC 2021 for 64-bit editions | Microsoft Office LTSC for Mac 2021 | Microsoft 365 Apps for Enterprise for 64-bit Systems | Microsoft 365 Apps for Enterprise for 32-bit Systems | Microsoft Office 2019 for Mac | Microsoft Office 2019 for 64-bit editions | Microsoft Office 2019 for 32-bit editions | Microsoft Office 2013 Service Pack 1 (64-bit editions) | Microsoft Office 2013 Service Pack 1 (32-bit editions) | Microsoft Office 2013 RT Service Pack 1 | Microsoft Excel 2013 Service Pack 1 (64-bit editions) | Microsoft Excel 2013 Service Pack 1 (64-bit editions) | Microsoft Excel 2013 Service Pack 1 (32-bit editions) | Microsoft Excel 2013 Service Pack 1 (32-bit editions) | Microsoft Excel 2013 RT Service Pack 1 | Microsoft Excel 2013 RT Service Pack 1 | Microsoft Office 2016 (64-bit edition) | Microsoft Office 2016 (32-bit edition) | Microsoft Excel 2016 (64-bit edition) | Microsoft Excel 2016 (64-bit edition) | Microsoft Excel 2016 (32-bit edition) | Microsoft Excel 2016 (32-bit edition) |
|
CVE-2021-42321 | Microsoft Exchange Server 2016 Cumulative Update 21 | Microsoft Exchange Server 2019 Cumulative Update 11 | Microsoft Exchange Server 2016 Cumulative Update 22 | Microsoft Exchange Server 2019 Cumulative Update 10 |
|
CVE-2021-42316 | Microsoft Dynamics 365 (on-premises) version 9.0 | Microsoft Dynamics 365 (on-premises) version 9.1 |
|
CVE-2021-38666 | Windows 10 Version 20H2 for 32-bit Systems | Windows 10 Version 20H2 for x64-based Systems | Windows Server, version 2004 (Server Core installation) | Windows 10 Version 2004 for x64-based Systems | Windows 10 Version 2004 for ARM64-based Systems | Windows 10 Version 2004 for 32-bit Systems | Windows Server 2022 (Server Core installation) | Windows Server 2022 | Remote Desktop client for Windows Desktop | Windows 10 Version 1909 for ARM64-based Systems | Windows 10 Version 21H1 for 32-bit Systems | Windows 10 Version 21H1 for ARM64-based Systems | Windows 10 Version 21H1 for x64-based Systems | Windows 10 Version 1909 for x64-based Systems | Windows 10 Version 1909 for 32-bit Systems | Windows Server 2019 (Server Core installation) | Windows Server 2019 | Windows 10 Version 1809 for ARM64-based Systems | Windows 10 Version 1809 for x64-based Systems | Windows 10 Version 1809 for 32-bit Systems | Windows Server 2012 R2 (Server Core installation) | Windows Server 2012 R2 (Server Core installation) | Windows Server 2012 R2 | Windows Server 2012 R2 | Windows Server 2012 (Server Core installation) | Windows Server 2012 (Server Core installation) | Windows Server 2012 | Windows Server 2012 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Windows Server 2008 for x64-based Systems Service Pack 2 | Windows Server 2008 for x64-based Systems Service Pack 2 | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Windows Server 2008 for 32-bit Systems Service Pack 2 | Windows Server 2008 for 32-bit Systems Service Pack 2 | Windows RT 8.1 | Windows 8.1 for x64-based systems | Windows 8.1 for x64-based systems | Windows 8.1 for 32-bit systems | Windows 8.1 for 32-bit systems | Windows 7 for x64-based Systems Service Pack 1 | Windows 7 for x64-based Systems Service Pack 1 | Windows 7 for 32-bit Systems Service Pack 1 | Windows 7 for 32-bit Systems Service Pack 1 | Windows Server 2016 (Server Core installation) | Windows Server 2016 | Windows 10 Version 1607 for x64-based Systems | Windows 10 Version 1607 for 32-bit Systems | Windows 10 for x64-based Systems | Windows 10 for 32-bit Systems | Windows 11 for ARM64-based Systems | Windows 11 for x64-based Systems | Windows Server, version 20H2 (Server Core Installation) | Windows 10 Version 20H2 for ARM64-based Systems |
|
CVE-2021-41356 | Windows Server 2016 (Server Core installation) | Windows Server 2016 | Windows 10 Version 1607 for x64-based Systems | Windows 10 Version 1607 for 32-bit Systems | Windows 10 for x64-based Systems | Windows 10 for 32-bit Systems | Windows 11 for ARM64-based Systems | Windows 11 for x64-based Systems | Windows Server, version 20H2 (Server Core Installation) | Windows 10 Version 20H2 for ARM64-based Systems | Windows 10 Version 20H2 for 32-bit Systems | Windows 10 Version 20H2 for x64-based Systems | Windows Server, version 2004 (Server Core installation) | Windows 10 Version 2004 for x64-based Systems | Windows 10 Version 2004 for ARM64-based Systems | Windows 10 Version 2004 for 32-bit Systems | Windows Server 2022 (Server Core installation) | Windows Server 2022 | Windows 10 Version 21H1 for 32-bit Systems | Windows 10 Version 21H1 for ARM64-based Systems | Windows 10 Version 21H1 for x64-based Systems | Windows 10 Version 1909 for ARM64-based Systems | Windows 10 Version 1909 for x64-based Systems | Windows 10 Version 1909 for 32-bit Systems | Windows Server 2019 (Server Core installation) | Windows Server 2019 | Windows 10 Version 1809 for ARM64-based Systems | Windows 10 Version 1809 for x64-based Systems | Windows 10 Version 1809 for 32-bit Systems |
|
3. 处置方法
3.1官方补丁
目前,微软官方已经发布针对此漏洞的补丁程序,建议用户通过以下链接尽快安装补丁程序:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Nov